<?php
/*
	云平台接口入口文件
	云平台访问机制——每次访问云平台需要先登录（输入论坛账号密码），登陆获得会话ID之后方可进行后续操作
 */
//获取访问入口
$in=dirname(__FILE__);
$in=str_replace(dirname($in),'',$in);
$in=substr($in,1);
define('IN',$in);
define('NOSESSION',true);
require '../core/core.php';
require 'common.php';
define('ROOT_MB',ROOT_AT.'mbs/');
define('ROOT_TEMP',ROOT_AT.'temp/');
define('SYSTEM_FILE',ROOT_AT. 'system_file');
define('PLUGIN_FILE',ROOT_AT. 'plugin_file/');
define('PLUGIN_ZIP',ROOT_AT.'plugin_zip/');
define('H5GAME_FILE',ROOT_AT. 'h5game_file/');
define('H5GAME_ZIP',ROOT_AT.'h5game_zip/');
define('ALIAPP_ZIP',ROOT_AT.'aliapp_zip/');
define('WXAPP_ZIP',ROOT_AT.'wxapp_zip/');
define('MANAGE_TEMPLATE_ZIP',ROOT_AT.'manage_template_zip/');
define('MANAGE_TEMPLATE_FILE',ROOT_AT. 'manage_template_file/');
//eci('云平台升级中！','error');
if(!POST){
	//非post请求
	exit('error1');
}
if($_GET['action']=='regsiter'){
	//输入账号密码获取云服务信息
	if(!$_POST['username'] || !$_POST['password']){
		exit();
	}
	pdo_delete('core_user_failed_login',array('lastupdate <'=>TIMESTAMP-3600));
	$failed = pdo_get('core_user_failed_login', array('name' => $name));
	if ($failed['count'] >= 5){
		exit(json_encode(array('type'=>'error','message'=>'账号被锁定')));
	}
	$record = pdo_get('core_users',array('name'=>trim($_POST['username'])));
	if(empty($record)){
		exit(json_encode(array('type'=>'error','message'=>'账号不存在或密码错误1！')));
	}
	if(!check_password($_POST['password'],$record['salt'],$record['password'])){
		if (empty($failed)) {
			pdo_insert('core_user_failed_login', array( 'name' => $name, 'count' => '1', 'lastupdate' => TIMESTAMP));
		} else {
			pdo_update('core_user_failed_login', array('count' => $failed['count'] + 1, 'lastupdate' => TIMESTAMP), array('id' => $failed['id']));
		}
		exit(json_encode(array('type'=>'error','message'=>'账号不存在或密码错误2！')));
	}
	$web=pdo_get('core_accounts',array('uniacid'=>$record['id']),array('token','aeskey'));
	if(!$web){
		exit(json_encode(array('type'=>'error','message'=>'账号不合法！')));
	}
	$res=array(
		'cloudkey'=>$web['token'],
		'secret'=>$web['aeskey'],
		'group'=>$web['group'],
		'username'=>$record['name'],
		'url'=>SITEROOT.'api/index.php',
	);
	exit(json_encode(array('type'=>'success','message'=>$res)));
}
//根据token查找用户数据
$token=trim($_POST['cloudkey']);
if(!$token){
	exit('error4');
}
if(trim($_POST['action'])=='api_shop.open_in'){
	define('SECRET','open_insecret');
}else{
	$_AR['site']=pdo_get('core_accounts',array('token'=>$token),array('uniacid','token','aeskey','groupid','endtime'));
	if(!$_AR['site']){
		eci('用户不存在！','error');
	}
	$_SESSION['uniacid']=$_AR['site']['uniacid'];
	define('CLOUDKEY',$_AR['site']['token']);
	define('GROUP',$_AR['site']['groupid']);
	define('SECRET',$_AR['site']['aeskey']);
}
//获取请求内容，校验签名、请求时间，请求时间戳不能超过五分钟
$time=intval($_POST['timestamp']);

if(!$time || ((TIMESTAMP+300) <$time) ||  (TIMESTAMP-$time)>300){
	//时间戳不合法，报错不显示具体原因。
	eci('time error','error');
}
$sign=$_POST['sign'];
unset($_POST['sign']);
if(trim($_POST['action'])=='api_shop.open_in'){
	$check_sign=get_sign($_POST,'open_insecret');
}else{
	$check_sign=get_sign($_POST,$_AR['site']['aeskey']);
}
if($check_sign != $sign){
	eci('签名错误！连接云服务失败，请检查云服务参数！','error');
}
if($_POST['table_pre']){
	$table_pre=trim($_POST['table_pre']);
	$table_pre=substr($table_pre,0,-1);
	$_AR['site']['table_pre']=$table_pre;
	define('WEB_TABLE_PRE',$_AR['site']['table_pre'].'_');
}
//读取请求参数
$_RQ=json_decode(base64_decode($_RQ['post']),true);
//处理请求内容
$action=trim($_POST['action']);
$action=explode('.',$action);
if(count($action)<2){
	eci('请求参数错误1！','error');
}
$p=$action['0'];
$a=$action['1'];
if($action['2']){
	$do=$action['2'];
}
if(!$p || !$a){
	eci('请求参数错误2！','error');
}
$action_file=ROOT_D.'/api/'.$p.'/'.$a.'.php';
if(!is_file($action_file)){
	eci('请求参数错误3！','error');
}
$_AR['sys_path'] =SYSTEM_FILE;
$_AR['mod_path'] =PLUGIN_FILE;
$_SESSION['table_pre']=WEB_TABLE_PRE;
if(is_file(ROOT_D.'/api/'.$p.'/init.php')){
	require(ROOT_D.'/api/'.$p.'/init.php');
}
require $action_file;
eci('无效操作符！！','error');
?>